[EMAIL PROTECTED] wrote:
Read the documentation (wiki, users file). For 1.1.6. you should be using
Cleartext-Password attribute.
Ok, I updated the radcheck table in mysql so that the attribute read
"Cleartext-Password". I now get a different result when trying to log in
from the wlan:
rlm_sql (sql): No matching entry in the database for request from user
[growse]
modcall[authorize]: module "sql" returns notfound for request 7
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure. User was rejcted rejected
earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: leaving group authenticate (returns invalid) for request 7
auth: Failed to validate the user.
Login incorrect: [growse] (from client wlan port 34 cli 000e35bd8c13)
For some reason, sql is now returning "not found", presumably because
it's looking for the "Password" attribute and doesn't understand
"Cleartext-Password" (just guessing here). However, the correct
auth-type is now set, although it rejects the user. Is it rejecting
because the sql module returned notfound?
Also, my Cisco device logins have now broken since updating this
attribute, I'm guessing because the sql module can't authenticate the
user against the db?
Thanks,
Andrew
On 8/9/2007, "Andrew Rowson" <[EMAIL PROTECTED]> wrote:
[EMAIL PROTECTED] wrote:
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type Local
What is that DEFAULT entry? Is Auth-Type Local coming from there? Or do
you have it in the database? It had to come from somewhere.
The DEFAULT entry in the users is for an auth-type of System. There's
nothing in the DB that specifies an auth-type.
And what Freeradius version are you using? User-Password should not be
used in recent server versions.
Freeradius version is 1.1.6. What do you mean about User-Password
shouldn't be used?
Thanks,
Andrew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html